CLAIMS 

Please amend Claims 1, 2, 4, 6-10, and 15-20 as follows: 



1 . (Currently Amended) A security intrusion mitigation method comprising: 
utilizing network spanning tree configuration information to determine an 

action for mitigating diffusion of intrusive attacks between components associated 
with a network, wherein said spanning tree information includes an indication of 
[[an]] a first internal diffusion risk and a second internal diffusion risk , wherein said 
first internal diffusion risk is a risk of [[said]] a first attack diffusing from a first 
component associated with said network to a second component associated with 
said network and said second internal diffusion risk is a risk of a second attack 
diffusing from a third component associated with said network to said second 
component : 

using said internal diffusion risks to determine that there is a higher risk of 
said first attack diffusing from said first component to said second component than 
said second attack diffusing from said third component to said second component: 
and 

using said network spanning tree configuration information to perform 
[[performing]] said action for mitigating diffusion of intrusive attacks automatically at 
least in part bv mitigating said first attack before mitigating said second attack , 
wherein said action for mitigating includes compensation for functional support of an 
application associated with said second component that has priority over another 
application pr i orit i z e d app li cations . 

2. (Currently Amended) A security intrusion mitigation method of Claim 1 further 
comprising utilizing said internal diffusion risks [[values]] to determine components 
forming a path in said spanning tree configuration with a highest cumulative 
diffusion impact risk. 

3. (Original) A security intrusion mitigation method of Claim 1 wherein said 
internal diffusion risk includes an asset value factor. 

4. (Currently Amended) A security intrusion mitigation method of Claim 3 
wherein said asset value corresponds to an economic impact of a disruption to 
functionality provided by a [[network]] particular component. 
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5. (Original) A security intrusion mitigation method of Claim 1 wherein said 
internal diffusion risk includes an exposure rating factor. 

6. (Currently Amended) A security intrusion mitigation method of Claim 5 
wherein said exposure rating defines a threshold value corresponding to 
connectivity of [[network]] particular component with other [[network]] components. 

7. (Currently Amended) A security intrusion mitigation method of Claim 5 
wherein said [[network]] particular component is assigned an exposure rating value 
based upon a connectivity distance from a root node. 

8. (Currently Amended) A security intrusion mitigation method of Claim 5 
wherein said action for mit i gat i ng d i ffuc i on of i ntruo i vo attacko is implemented in 
accordance with a highest risk algorithm. 

9. (Currently Amended) A security intrusion mitigation method of Claim 5 
wherein said network spanning tree configuration information includes information 
associated with components included in a utility data center and said [[mitigation]] 
action is implemented in said utility data center. 

1 0. (Currently Amended) A security intrusion mitigation system comprising: 
a means for communicating information; 

a means for processing information including instructions for determining a 
highest risk path that has the highest risk of an attack spreading between network 
components included in said highest risk path in comparison to risks of attacks 
spreading between network components associated with other risk oaths and 
automatically mitigating sajd_[[an]] attack from spreading between said network 
components included in said highest risk path; and 

a means for storing said information, including instructions for storing 
information describing said highest risk path. 

1 1 . (Original) A security intrusion mitigation system of claim 1 0 wherein said 
instructions include security management instructions implemented on a network 
application management platform. 
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1 2. (Original) A security intrusion mitigation system of claim 1 0 further comprising 
a means for interfacing with a network application management platform. 

13. (Original) A security intrusion mitigation system of claim 10 wherein said 
instructions include attack spread risk determination instructions. 

1 4. (Original) A security intrusion mitigation system of claim 1 0 further comprising 
a means for centrally controlling a utility data center operations. 

1 5. (Currently Amended) A computer usable storage medium having computer 
readable program code embodied therein for causing a computer system to 
implement security intrusion mitigation instructions comprising: 

a component risk determination module for determining that a first risk of 
[[an]] a first attack spreading from a first component to a second component 
i nc l uded i n a n e twork is higher than a second risk of a second attack spreading from 
a third component to a fourth component, wherein said first, second, third and fourth 
components are included in a network : and 

an attack spreading response module for responding to said first risk before 
responding to said second risk of sa i d attack spread i ng from r.n i ri fii-H mmpnnnnt tn 
sa i d second component i nc l uded i n said n e twork . 

16. (Currently Amended) A computer usable storage medium of Claim 15 
wherein said first risk is biased based upon an economic value of functions said 
second component performs. 

1 7. (Currently Amended) A computer usable storage medium of Claim 1 5 said 
first risk is biased based upon connectivity of said second component to said first 
component in said network. 

1 8. (Currently Amended) A computer usable storage medium of Claim 1 7 
wherein said [[response]] responding includes reducing traffic communication to said 
second component. 

19. (Currently Amended) A computer usable storage medium of Claim 1 5 
wherein said [[response]] responding includes turning off an interface of said second 
component to said network. 
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20. (Currently Amended) A computer readable medium of Claim 1 9 wherein said 
[[response]] responding is performed in accordance with an highest risk analysis. 
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